Lotus Notes HTML Speed Reader URL buffer overflow

Added: 02/17/2006
CVE: CVE-2005-2618
BID: 16576
OSVDB: 23068

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution by a specially crafted e-mail message containing a long link URL.

Resolution

Upgrade to version 6.5.5 or 7.0.1 or higher.

References

http://secunia.com/secunia_research/2005-32/

Limitations

Exploit works on Lotus Notes 6.5.4. This exploit sends an e-mail to the specified address and requires the user to follow the ClickOnMe link.

Platforms

Windows

Back to exploit index